governanceRoleSetting resource type

Namespace: microsoft.graph

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Caution

This version of the Privileged Identity Management (PIM) API for Azure Resource roles will be deprecated soon. Please use the new Azure REST PIM API for Azure resource roles.

Represents a set of configurations on each role definition that needs to be evaluated against when role assignments are created or modified. For example, role settings might include "maximum assignment duration" rule, "MFA required on activation" rule, and so on.

Methods

Method Return Type Description
List governanceRoleSetting collection List a collection of role settings on a resource.
Get governanceRoleSetting Read properties and relationships of a role setting.
Update governanceRoleSetting Update a role setting object.

Properties

Property Type Description
id String The id of the roleSetting.
resourceId String Required. The id of the resource that the role setting is associated with.
roleDefinitionId String Required. The id of the role definition that the role setting is associated with.
isDefault Boolean Read-only. Indicate if the roleSetting is a default roleSetting
lastUpdatedDateTime DateTimeOffset Read-only. The time when the role setting was last updated. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z
lastUpdatedBy String Read-only. The display name of the administrator who last updated the roleSetting.
adminEligibleSettings governanceRuleSetting collection The rule settings that are evaluated when an administrator tries to add an eligible role assignment.
adminMemberSettings governanceRuleSetting collection The rule settings that are evaluated when an administrator tries to add a direct member role assignment.
userEligibleSettings governanceRuleSetting collection The rule settings that are evaluated when a user tries to add an eligible role assignment. The setting is not supported for now.
userMemberSettings governanceRuleSetting collection The rule settings that are evaluated when a user tries to activate his role assignment.

Relationships

Relationship Type Description
resource governanceResource Read-only. The associated resource for this role setting.
roleDefinition governanceRoleDefinition Read-only. The role definition that is enforced with this role setting.

JSON representation

Here is a JSON representation of the resource.

{
  "id": "String (identifier)",
  "resourceId": "String",
  "roleDefinitionId": "String",
  "isDefault": true,
  "lastUpdatedDateTime": "String (timestamp)",
  "lastUpdatedBy": "String",
  "adminEligibleSettings": [{"@odata.type": "microsoft.graph.governanceRuleSetting"}],
  "adminMemberSettings": [{"@odata.type": "microsoft.graph.governanceRuleSetting"}],
  "userEligibleSettings": [{"@odata.type": "microsoft.graph.governanceRuleSetting"}],
  "userMemberSettings": [{"@odata.type": "microsoft.graph.governanceRuleSetting"}]
}